Appl. No. 10/796,358 

Amdt. dated August 21, 2007 

Reply to Office Action of May 31, 2007 



This listing of claims replaces all prior versions, and 
listings of claims in the instant application: 

Listing of Claims; 

(Currently amended) A method comprising: 
stalling a heap allocation function call to a heap 

allocation function originating from a request by an application 

for a block of heap buffers- 
predicting a predicted block of said heap buffer to fulfill 

said request ; said predicted block comprising a header portion 

and a data portion reserved for data ; and 

determining if a forward link (F-link) in a F-link field and 

a backward link (B-link) in a B-link field of said header portion 

of said p redicted block are addresses within a heap segment 

associated with said predicted block. 

2. (Original) The method of Claim 1 further comprising 
hooking said heap allocation function. 

3. (Original) The method of Claim 1 further comprising 
determining a size of said block. 

4. (Original) The method of Claim 3 wherein said predicted 
block has said size. 

5. (Original) The method of Claim 3 wherein a freelist 
comprises a plurality of free blocks having said size, said 
predicted block being on said freelist. 

6. (Original) The method of Claim 1 wherein said predicted 
block is on a predicted freelist. 
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7. (Original) The method of Claim 6 further comprising 
determining whether a F-link of a predicted list head of said 
predicted freelist points into said heap segment. 

8. (Original) The method of Claim 6 further comprising 
determining whether a B-link of a predicted next block of said 
predicted freelist points into said heap segment. 

9. (Original) The method of Claim 1 wherein upon a 
determination that said F-link and said B-link of said predicted 
block are not addresses within said heap segment, said method 
further comprising taking corrective action. 

10. (Original) The method of Claim 9 wherein said taking 
corrective action comprises setting said F-link and said B-link 
to be an address of a list head of a freelist comprising said 
predicted block. 

11. (Currently amended) A method comprising: 
stalling a heap deallocation function call to a heap 

deallocation function originating from a release by an 
application of a block of heap buffer, wherein said block is a 
deallocation block that is being deallocated to a deallocation 
freelist; and 

determining if a forward link (F-link) in a F-link field of 
a header portion of a list head of said deallocation freelist and 
a backward link (B-link) in a B-link field of a header portion of 
a first block of said deallocation freelist are addresses within 
a heap segment associated with said deallocation freelist , said 
first block further comprising a data portion reserved for data . 
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12. (Original) The method of Claim 11 further comprising 
reading said F-link and said B-link. 
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13. (Original) The method of Claim 11 further comprising 
hooking said heap deallocation function, 

14. (Currently amended) The method of Claim 11 further 
comprising determining said bloc k being released by said 
application . 

15. (Original) The method of Claim 11 wherein upon a 
determination that said F-link and said B-link are addresses 
within said heap segment, said method further comprising 
releasing said heap deallocation function call. 

16. (Original) The method of Claim 11 wherein upon a 
determination that said F-link or said B-link are not addresses 
within said heap segment, said method further comprising taking 
corrective action. 



17. (Original) The method of Claim 11 wherein said F-link 
or said B-link is a stray F-link or stray B-link, said method 
further comprising determining if said stray F-link or stray B- 
link is a known false positive. 

18. (Original) The method of Claim 11 further comprising 
determining if said block is to be coalesced with other free 
blocks . 



19. (Original) The method of Claim 11 wherein said block 
is to be coalesced with a coalesced block, said method further 
comprising: 

determining if a F-link and a B-link of said coalesced block 
are addresses within a heap segment associated with said 
coalesced block. 
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20. (Original) The method of Claim 19 further comprising 
determining if there are other blocks to be coalesced with said 
block. 

21-24. (Canceled) 

25. (Currently amended) A computer-program product 
comprising a tangible computer- readable medium containing 
computer program code comprising: 

a heap buffer overflow exploitation prevention application 
for stalling a heap allocation function call to a heap allocation 
function originating from a request by an application for a block 
of heap buffer; 

said heap buffer overflow exploitation prevention 
application further for predicting a predicted block of said heap 
buffer to fulfill said request , said predicted block comprising a 
header portion and a data portion reserved for data ; and 

said heap buffer overflow exploitation prevention 
application further for determining if a forward link (F-link) in 
a F-link field and a backward link (B-link) in a B-link field of 
said header portion of said p redicted block are addresses within 
a heap segment associated with said predicted block. 
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